Home
»
Discussion Forums
»
Monitoring - VSA
»
Adding additional Event Logs to monitor
Subscribe via RSS
Share this
Similar Posts
Event Log Monitoring
by
LegacyPoster
on
Mar 26, 2010
Event Log Monitor
by
stevenrj
on
Jul 29, 2015
Verified Answer
Event Log Monitoring and Wildcards
by
zippo
on
Jul 26, 2016
Event log monitoring woes
by
Paul Hite
on
Aug 27, 2010
Event Log Monitoring
by
gareth25
on
Feb 4, 2011
Verified Answer
View More
Details
17
Replies
0
Subscribers
Posted
over 13 years ago
Monitoring - VSA
Adding additional Event Logs to monitor
Posted by
LegacyPoster
on
Dec 20, 2007 10:51 PM
I may be missing something simple, but how can we monitor additional event log types? like the "Directory Service" event log on all DCs, or custom event logs etc.
Thanks in advance,
N
Legacy Forum Name: Adding additional Event Logs to monitor,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 29, 2006 11:46 AM
So far Kaseya support has informed me that they can only watch for events in the app/sec/system event logs.
How can we monitor an AD domain without watching the Directory Service log?
Has anyone found a solution for this?
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 29, 2006 2:23 PM
Nothing yet. I just keep thinking this is just a miss sight by Kaseya and we will get an update that fixes it. I have been thinking this since April last year.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: far182
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 5:24 AM
Yes, it does not seem so. I've e-mailed back and forth with kaseya support 4 times now, just trying to get them to understand what the "directory service" log is.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 5:50 AM
Hey Guys,
Kaseya knows the importance in these logs, there has just been alot of things changing in the product. They are aware of the Logs that need to be added. But the reality is that there needs to be a new interface added for the additional log files. As you know more and more applications now days are just registering their own log files for the application Examples of this are:
Internet Exploder 7: Has its own log
A-Vast Antivirus: Has its own log
Spy-Dr: Has its own log
That does not even count the existing logs needed in the
c$\WINDOWS\system32\config
DnsEvent.Evt
NTDS.Evt
NtFrs.Evt
Kaseya is aware... just hold tight.. its been some time I know.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: sourceminer
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 6:47 AM
Yeah, it would work to just use the same interface, but let us add additional log sources.
I don't know now everyone using this product has survived without this feature. The best way to monitor the health of Active Directory is through the directory service log.
Does anyone know of any alternatives to monitor AD health using kseya?
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 6:51 AM
Download and install LogParser.txt
Adding additional log sources requires a new interface.
Believe me I share your pain...
The only other way I have seen this done is by using MS Log Parser 2.2
Install the product and then have it read the event log looking for some events and output a log file with the result. Alert based on that.
I have the first part attached to this post which will download the product and install it.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: sourceminer
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 7:30 AM
This is worth a shot, Could you share with us how you have/would configure an alert to use this?
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 7:37 AM
Run a script every hour.
This script would run log parser to look for specific events in the specified log file. Output to another log if it does contain something.
A second script would follow as part of the first that would send an email if the first script has that something in the log file.
Hope that makes sence.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: sourceminer
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Dec 30, 2006 8:43 AM
So this is what your script would Execute:
C:\Program Files\Log Parser 2.2>logparser -i:evt -o:CSV "SELECT * INTO test.csv
FROM 'Directory Service' WHERE EventID='1126'"
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: sourceminer
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Apr 11, 2007 7:17 PM
Anyone heard anything about Kaseya letting you add Additional Logs such as Directory Service? File Replication? or other custom Event logs?
We need this!
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
May 6, 2007 8:28 PM
Bump...
I think this is an important addition.
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: shaaad
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Sep 5, 2007 7:58 AM
Is there no movement on this topic at all? How are we supposed to monitor Windows Server 2008, Windows Vista, Office 2007, etc without this functionality. Our customers are staying current with technology, but the capabilities of monitoring are not keeping pace.
At a MINIMUM I am looking for a better solution that Log Parser for the Directory Services and FRS log files. These have been standard since Windows 2000, so its unclear to me why this functionality is still lacking.
Also, any update on if 5.0 will have this capability and if so when it will be released?
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: jsammons
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Sep 27, 2007 6:04 PM
Question: Regarding Directory services monitoring. Windows support SNMP monitoring so is there not a way to use this function to get this type of monitoring? NABLE from what I know of is basicaly JUST SNMP so again would this not be a possible alternative until the new release is available?
Don
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: PITG
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
Posted by
LegacyPoster
on
Sep 28, 2007 9:17 AM
..ooOO00::BUMP::00OOoo..
Adding my voice to the forum. This feature is desperately needed. Even a promise of releasing it with v5 would help a lot!
Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
Legacy Posted By Username: ttroyer
You have posted to a forum that requires a moderator to approve posts before they are publicly available.
>